sym / asym key concept

nanga Member Posts: 201
Ok here is a scenario and after that there is a question on concept

""
Bob can encrypt data with his private key, and the receiver can then decrypt it with Bob’s public key. By decrypting the message with Bob’s public key, the receiver can be sure the message really came from Bob. A message can be decrypted with a public key only if the message was encrypted with the corresponding private key.
""

Does Bob have a single private key? Bob's public key is available to everyone, so if a man in the middle picks up this data encrypted with Bob's private key, can he use Bob's public key to open the lock?

or

Does Bob encrypt data with a different private key each time?

Comments

  • shednik Member Posts: 2,005
    Bob would have the same private key, but, at least the way I did it in a course I had, I used the public key of the recipient to encrypt and then sent it off. When she received the encrypted file, she was able to decrypt it using her private key. I do believe they are reversible, where you can encrypt with your private and decrypt with your public as well, but I don't know that 100%.
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Bob wouldn't use his private key to encrypt data. People use their own private key to sign data, not encrypt it. This ensures integrity/non-repudiation, but not confidentiality. As stated, his public key is public, so anyone who has that can view the data. Instead, he would use the recipient's public key to encrypt the data since the only person who can decrypt that is the recipient, with his private key.
  • nanga Member Posts: 201
    Ohh ok..

    So signing with one's private key is to prove non-repudiation and not confidentiality.

    So it's just to say "dude, I assure you this came from me and anyone having my public key can read the data"
  • shednik Member Posts: 2,005
    I forgot to add that Bob would use his private key to sign it, which dynamik picked up the slack for me...oh how nice of him
  • shednik Member Posts: 2,005
    nanga wrote:
    So it's just to say "dude, I assure you this came from me and anyone having my public key can read the data"

    EDIT: It can be done that way but I wouldn't want my encrypted data to be decrypted by a public key. I was taught the proper way would be you would encrypt the data with the recipient's public key, digitally sign it saying it was from you with your private key. The recipient would use his/her private key to decrypt the data and your public key to verify it was from you.
  • LarryDaMan Member Posts: 797
    dynamik wrote:
    Bob wouldn't use his private key to encrypt data. People use their own private key to sign data, not encrypt it. This ensures integrity/non-repudiation, but not confidentiality. As stated, his public key is public, so anyone who has that can view the data. Instead, he would use the recipient's public key to encrypt the data since the only person who can decrypt that is the recipient, with his private key.

    Very good explanation. This is Security+ level material. You gotta have these concepts down cold if you are taking the CISSP.
  • nanga Member Posts: 201
    Yup, that's bang on target...
  • susanj Member Posts: 5 ■□□□□□□□□□
    nanga wrote:
    Ok here is a scenario and after that there is a question on concept

    ""
    Bob can encrypt data with his private key, and the receiver can then decrypt it with Bob’s public key. By decrypting the message with Bob’s public key, the receiver can be sure the message really came from Bob. A message can be decrypted with a public key only if the message was encrypted with the corresponding private key.
    ""

    Does Bob have a single private key? Bob's public key is available to everyone, so if a man in the middle picks up this data encrypted with Bob's private key, can he use Bob's public key to open the lock?

    or

    Does Bob encrypt data with a different private key each time?

    It is possible to use an asymmetric cipher in that way in theory, but usually there is almost always a randomly generated key that is used to encrypt the data and then that random key is encrypted with the recipient's public key. The recipient first decrypts the random key using his own private key and then that random key is used to decrypt the data.

    Using an asymmetric cipher alone is extremely slow and it's also less secure.
    Security+, CISA, Infinidox ISMCP
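
The scheme described in the replies above (sign with the sender's private key, encrypt the data under a random key, wrap that key with the recipient's public key), as an added example that is not part of the original thread. It uses Node's built-in crypto module; Alice as the recipient, the function names and the sample message are assumptions.

```javascript
// Added illustration (not from the thread); function and variable names are hypothetical.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const SIG_LEN = 256; // bytes in a signature made with a 2048-bit RSA key

// Each party holds ONE long-lived key pair; only the public half is shared.
function newKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender: sign with own private key, then encrypt for the recipient.
function sealEnvelope(message, senderPrivateKey, recipientPublicKey) {
  const plaintext = Buffer.from(message, "utf8");
  // The signature gives origin and integrity, not confidentiality.
  const signature = crypto.sign("sha256", plaintext, senderPrivateKey);
  // A fresh random symmetric key and nonce are generated for every message.
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(signature), cipher.update(plaintext), cipher.final()]);
  // Only the holder of the recipient's private key can unwrap the session key.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the session key, decrypt, then check the sender's signature.
function openEnvelope(envelope, recipientPrivateKey, senderPublicKey) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const body = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
  const signature = body.subarray(0, SIG_LEN);
  const plaintext = body.subarray(SIG_LEN);
  const verified = crypto.verify("sha256", plaintext, senderPublicKey, signature);
  return { message: plaintext.toString("utf8"), verified };
}

// Constructed demo: Bob sends to Alice.
const bob = newKeyPair();
const alice = newKeyPair();
const envelope = sealEnvelope("constructed sample message", bob.privateKey, alice.publicKey);
console.log(openEnvelope(envelope, alice.privateKey, bob.publicKey));
```

Bob's key pair stays the same across messages; what changes each time is the random session key, so an eavesdropper holding only public keys can neither unwrap it nor read the signed body.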